Ubuntu has issued an advisory on July 13: https://ubuntu.com/security/notices/USN-6226-1 Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
This pkg is nominally with PhilippeM, but I am unsure whether he is still with us. So assigning the bug globally, CC'ing him in hope.
Assignee: bugsquad => pkg-bugsCC: (none) => makowski.mageia
Mageia 8 EOL.
CVE: (none) => CVE-2023-25399Version: Cauldron => 9Summary: python-scipy new security issues CVE-2023-25399 and CVE-2023-29824 => python-scipy new security issue CVE-2023-25399Whiteboard: MGA8TOO => (none)CC: (none) => nicolas.salguero
Suggested advisory: ======================== The updated package fixes a security vulnerability: A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. (CVE-2023-25399) References: https://ubuntu.com/security/notices/USN-6226-1 ======================== Updated package in core/updates_testing: ======================== python3-scipy-1.9.1-2.1.mga9 from SRPM: python-scipy-1.9.1-2.1.mga9.src.rpm
Assignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNED
Keywords: (none) => advisory
RH mageia 9 x86_64 Test in combination with packages of bug#31000 Install current version LC_ALL=C urpmi python3-scipy To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "QA Testing (64-bit)") lib64python3-devel 3.10.11 1.1.mga9 x86_64 lib64python3.10-testsuite 3.10.11 1.1.mga9 x86_64 (recommended) python3-docs 3.10.11 1.1.mga9 noarch (recommended) (medium "Core Release (distrib1)") python3-numpy-f2py 1.24.3 1.mga9 x86_64 python3-scipy 1.9.1 2.mga9 x86_64 185MB of additional disk space will be used. 35MB of packages will be retrieved. Proceed with the installation of the 5 packages? (Y/n) y https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-numpy-f2py-1.24.3-1.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-scipy-1.9.1-2.mga9.x86_64.rpm installing //home/katnatek/qa-testing/x86_64/lib64python3-devel-3.10.11-1.1.mga9.x86_64.rpm //home/katnatek/qa-testing/x86_64/python3-docs-3.10.11-1.1.mga9.noarch.rpm /var/cache/urpmi/rpms/python3-numpy-f2py-1.24.3-1.mga9.x86_64.rpm //home/katnatek/qa-testing/x86_64/lib64python3.10-testsuite-3.10.11-1.1.mga9.x86_64.rpm /var/cache/urpmi/rpms/python3-scipy-1.9.1-2.mga9.x86_64.rpm Preparing... ###################################################################################### 1/5: lib64python3.10-testsuite ###################################################################################### 2/5: python3-docs ###################################################################################### 3/5: lib64python3-devel ###################################################################################### 4/5: python3-numpy-f2py ###################################################################################### 5/5: python3-scipy ###################################################################################### Update to testing version LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing python3-scipy-1.9.1-2.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ###################################################################################### 1/1: python3-scipy ###################################################################################### 1/1: removing python3-scipy-1.9.1-2.mga9.x86_64 ###################################################################################### Remove packages LC_ALL=C urpme python3-scipy removing python3-scipy-1.9.1-2.1.mga9.x86_64 removing package python3-scipy-1.9.1-2.1.mga9.x86_64 1/1: removing python3-scipy-1.9.1-2.1.mga9.x86_64 ###################################################################################### writing /var/lib/rpm/installed-through-deps.list The following packages: lib64python3-devel-3.10.11-1.1.mga9.x86_64 lib64python3.10-testsuite-3.10.11-1.1.mga9.x86_64 python3-docs-3.10.11-1.1.mga9.noarch python3-numpy-f2py-1.24.3-1.mga9.x86_64 are now orphaned, if you wish to remove them, you can use "urpme --auto-orphans" LC_ALL=C urpme --auto --auto-orphans removing lib64python3-devel-3.10.11-1.1.mga9.x86_64 lib64python3.10-testsuite-3.10.11-1.1.mga9.x86_64 python3-docs-3.10.11-1.1.mga9.noarch python3-numpy-f2py-1.24.3-1.mga9.x86_64 removing package python3-numpy-f2py-1:1.24.3-1.mga9.x86_64 1/4: removing python3-numpy-f2py-1:1.24.3-1.mga9.x86_64 ###################################################################################### removing package lib64python3-devel-3.10.11-1.1.mga9.x86_64 2/4: removing lib64python3-devel-3.10.11-1.1.mga9.x86_64 ###################################################################################### removing package python3-docs-3.10.11-1.1.mga9.noarch 3/4: removing python3-docs-3.10.11-1.1.mga9.noarch ###################################################################################### removing package lib64python3.10-testsuite-3.10.11-1.1.mga9.x86_64 4/4: removing lib64python3.10-testsuite-3.10.11-1.1.mga9.x86_64 ######################################################################################
CC: (none) => andrewsfarm
Not previous round of the package, Give OK
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0078.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED